0

我有一个相当广泛的应用程序,它被构建为通过 OID 为多个 Web 应用程序提供 SSO。问题是我们已经看到一些用户在其中一个应用程序的角色上变得“孤立”。我编写了一个方法,该方法返回所有有权访问该角色的用户的专有名称。为了执行清理,我试图确保在上一步中返回的用户确实存在于 OID 中。在搜索用户或角色时,我一直在使用 System.DirectoryServices.Protocols.SearchRequest 类,但它不适用于可分辨名称。下面是我的方法。它已经更改了几次以尝试不同的方式使其工作。

    Public Function GetUserByDN(UserDN As String) As SearchResultEntry
        Dim searchString As String = String.Format("baseDN={0}", UserDN)
        Dim containerDN As String = Nothing
        If _extranet Then
            containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_ExternalDomain")
        Else
            containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_InternalDomain")
        End If

        Dim attributes(14) As String
        attributes(0) = DIRECTORY_UNIQUE_ID
        attributes(1) = DIRECTORY_FIRST_NAME
        attributes(2) = DIRECTORY_LAST_NAME
        attributes(3) = DIRECTORY_EMAIL_ADDRESS
        attributes(4) = DIRECTORY_TELEPHONE
        attributes(5) = DIRECTORY_STREET
        attributes(6) = DIRECTORY_CITY
        attributes(7) = DIRECTORY_STATE
        attributes(8) = DIRECTORY_ZIP
        attributes(9) = DIRECTORY_CUSTOMER_NAME
        attributes(10) = DIRECTORY_ENABLED
        attributes(11) = DIRECTORY_GIVEN_NAME   ' this is the first name for a domain user
        attributes(12) = DIRECTORY_KBIT_INDICATOR
        attributes(13) = DIRECTORY_REQUESTING_BRANCH
        attributes(14) = DIRECTORY_PWD_MUST_CHANGE

        'Me.Connection.Bind()
        Me.Bind()

        Dim myRequest As New System.DirectoryServices.Protocols.SearchRequest(containerDN, UserDN, SearchScope.Base, attributes)
        Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)
        Dim results As SearchResultEntryCollection = myResponse.Entries

        If results.Count >= 1 Then
            Return results(0)
        Else
            Return Nothing
        End If
    End Function
4

1 回答 1

0

它进行了大量研究并提出其他问题,在哪里可以找到答案。事实证明,我不应该查看用户 OU 并搜索用户的 DN,而应该只查看用户的 DN 并执行一个简单的 LDAP 查询。这是我的最终解决方案。我希望这对社区有所帮助。

       Public Function GetUserByDN(UserDN As String) As SearchResultEntry
        Dim ldapFilter As String = "(objectClass=person)"

        Dim attributes(14) As String
        attributes(0) = DIRECTORY_UNIQUE_ID
        attributes(1) = DIRECTORY_FIRST_NAME
        attributes(2) = DIRECTORY_LAST_NAME
        attributes(3) = DIRECTORY_EMAIL_ADDRESS
        attributes(4) = DIRECTORY_TELEPHONE
        attributes(5) = DIRECTORY_STREET
        attributes(6) = DIRECTORY_CITY
        attributes(7) = DIRECTORY_STATE
        attributes(8) = DIRECTORY_ZIP
        attributes(9) = DIRECTORY_CUSTOMER_NAME
        attributes(10) = DIRECTORY_ENABLED
        attributes(11) = DIRECTORY_GIVEN_NAME
        attributes(12) = DIRECTORY_KBIT_INDICATOR
        attributes(13) = DIRECTORY_REQUESTING_BRANCH
        attributes(14) = DIRECTORY_PWD_MUST_CHANGE

        Me.Bind()

        Dim myRequest As New SearchRequest(UserDN, ldapFilter, SearchScope.Base, attributes)
        Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)

        If myResponse.Entries.Count >= 1 Then
            Return myResponse.Entries(0)
        Else
            Return Nothing
        End If
    End Function
于 2012-05-09T16:35:54.223 回答